Vulnerability CVE-2013-3582


Published: 2013-08-28   Modified: 2013-08-29

Description:
Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and Z600 devices, and Dell Precision M#### devices, allows local users to bypass intended BIOS signing requirements and install arbitrary BIOS images by leveraging administrative privileges and providing a crafted rbu_packet.pktNum value in conjunction with a crafted rbu_packet.pktSize value.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.6/10
10/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
DELL -> Latitude d 
DELL -> Latitude e6400 atg xfr 
DELL -> Latitude e 
DELL -> Latitude e6500 
DELL -> Latitude xt2 
DELL -> Precision m2300 
DELL -> Latitude z600 
DELL -> Precision m2400 
DELL -> Precision m 
DELL -> Precision m4300 
DELL -> Latitude d530 
DELL -> Precision m4400 
DELL -> Latitude d531 
DELL -> Precision m6300 
DELL -> Latitude d630 
DELL -> Precision m6400 
DELL -> Latitude d631 
DELL -> Precision m6500 
DELL -> Latitude d830 
DELL -> Latitude e4200 
DELL -> Latitude e4300 
DELL -> Latitude e5400 
DELL -> Latitude e5500 
DELL -> Latitude e6400 
DELL -> Latitude e6400 atg 

 References:
http://www.kb.cert.org/vuls/id/BLUU-99HSLA
http://www.kb.cert.org/vuls/id/912156
https://www.blackhat.com/us-13/archives.html#Butterworth
https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-WP.pdf
https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-Slides.pdf

Copyright 2020, cxsecurity.com

 

Back to Top